typeclaw 0.32.0 → 0.33.0

package/src/secrets/oauth-xai.ts

@@ -0,0 +1,342 @@
+import { createServer, type Server } from 'node:http'
+
+import { registerOAuthProvider } from '@mariozechner/pi-ai/oauth'
+import type { OAuthCredentials, OAuthLoginCallbacks, OAuthProviderInterface } from '@mariozechner/pi-ai/oauth'
+
+// xAI (Grok) OAuth 2.0. xAI runs a standard OIDC authorization server at
+// auth.x.ai that supports BOTH authorization-code + PKCE (loopback callback)
+// and the device-authorization grant. We implement the auth-code path with a
+// localhost callback server (same UX as pi-ai's anthropic provider) plus a
+// manual-paste fallback for cross-device/SSH flows.
+//
+// There is no public developer console to register a third-party OAuth client,
+// so — like every OSS Grok integration (Grok CLI, opencode, hermes-agent,
+// pi-xai-oauth) — we reuse the Grok CLI's public client id. The `plan=generic`
+// query param is load-bearing: loopback OAuth against this client id is
+// rejected without it. `referrer` is attribution only.
+//
+// Endpoints below are the live values from
+// https://auth.x.ai/.well-known/openid-configuration. The token endpoint speaks
+// application/x-www-form-urlencoded (OAuth2 default) — NOT JSON like Anthropic.
+export const XAI_OAUTH_PROVIDER_ID = 'xai'
+
+const CLIENT_ID = 'b1a00492-073a-47ea-816f-4c329264a828'
+const AUTHORIZE_URL = 'https://auth.x.ai/oauth2/authorize'
+const TOKEN_URL = 'https://auth.x.ai/oauth2/token'
+const CALLBACK_HOST = '127.0.0.1'
+const CALLBACK_PORT = 56121
+const CALLBACK_PATH = '/callback'
+const REDIRECT_URI = `http://${CALLBACK_HOST}:${CALLBACK_PORT}${CALLBACK_PATH}`
+const SCOPES = 'openid profile email offline_access grok-cli:access api:access'
+const REFERRER = 'typeclaw'
+// Refresh slightly early so an in-flight request never races expiry.
+const EXPIRY_SKEW_MS = 5 * 60 * 1000
+const REQUEST_TIMEOUT_MS = 30_000
+
+type XaiTokenResponse = {
+  access_token?: string
+  refresh_token?: string
+  expires_in?: number
+  token_type?: string
+}
+
+function base64UrlEncode(bytes: Uint8Array): string {
+  let binary = ''
+  for (const byte of bytes) binary += String.fromCharCode(byte)
+  return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
+}
+
+// PKCE (RFC 7636, S256). pi-ai keeps its `generatePKCE` helper out of the
+// public `/oauth` barrel, so we generate the verifier/challenge with Web Crypto
+// directly — available in both Node and Bun.
+async function generatePkce(): Promise<{ verifier: string; challenge: string }> {
+  const verifier = base64UrlEncode(crypto.getRandomValues(new Uint8Array(32)))
+  const digest = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(verifier))
+  return { verifier, challenge: base64UrlEncode(new Uint8Array(digest)) }
+}
+
+function parseAuthorizationInput(input: string): { code?: string; state?: string } {
+  const value = input.trim()
+  if (!value) return {}
+  try {
+    const url = new URL(value)
+    return {
+      code: url.searchParams.get('code') ?? undefined,
+      state: url.searchParams.get('state') ?? undefined,
+    }
+  } catch {
+    // Not a full URL — fall through to query-string / bare-code handling.
+  }
+  if (value.includes('code=')) {
+    const params = new URLSearchParams(value)
+    return {
+      code: params.get('code') ?? undefined,
+      state: params.get('state') ?? undefined,
+    }
+  }
+  return { code: value }
+}
+
+type CallbackServer = {
+  server: Server
+  cancelWait: () => void
+  waitForCode: () => Promise<{ code: string; state: string | null } | null>
+}
+
+function successHtml(): string {
+  return '<!doctype html><html><body style="font-family:sans-serif;padding:2rem"><h2>xAI authentication complete.</h2><p>You can close this window and return to the terminal.</p></body></html>'
+}
+
+// The OAuth `error` query param is provider-supplied and reflected into the
+// callback page, so escape it to keep a crafted callback URL
+// (`?error=<script>…`) from injecting markup into the local page.
+function escapeHtml(value: string): string {
+  return value
+    .replaceAll('&', '&amp;')
+    .replaceAll('<', '&lt;')
+    .replaceAll('>', '&gt;')
+    .replaceAll('"', '&quot;')
+    .replaceAll("'", '&#39;')
+}
+
+export function errorHtml(message: string): string {
+  return `<!doctype html><html><body style="font-family:sans-serif;padding:2rem"><h2>xAI authentication failed.</h2><p>${escapeHtml(message)}</p></body></html>`
+}
+
+// Resolves to `null` when the fixed loopback port can't be bound (EADDRINUSE,
+// sandbox bind restriction). The caller then falls back to manual-paste mode
+// rather than failing the whole login — the browser callback is a convenience,
+// not a hard requirement, since the user can always paste the redirect URL.
+function startCallbackServer(expectedState: string): Promise<CallbackServer | null> {
+  return new Promise((resolve) => {
+    let settle: ((value: { code: string; state: string | null } | null) => void) | undefined
+    const waitForCodePromise = new Promise<{ code: string; state: string | null } | null>((resolveWait) => {
+      let settled = false
+      settle = (value) => {
+        if (settled) return
+        settled = true
+        resolveWait(value)
+      }
+    })
+
+    const server = createServer((req, res) => {
+      try {
+        const url = new URL(req.url || '', `http://${CALLBACK_HOST}`)
+        if (url.pathname !== CALLBACK_PATH) {
+          res.writeHead(404, { 'Content-Type': 'text/html; charset=utf-8' })
+          res.end(errorHtml('Callback route not found.'))
+          return
+        }
+        const code = url.searchParams.get('code')
+        const state = url.searchParams.get('state')
+        const error = url.searchParams.get('error')
+        if (error) {
+          res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' })
+          res.end(errorHtml(`Error: ${error}`))
+          return
+        }
+        if (!code) {
+          res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' })
+          res.end(errorHtml('Missing code parameter.'))
+          return
+        }
+        if (state !== expectedState) {
+          res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' })
+          res.end(errorHtml('State mismatch.'))
+          return
+        }
+        res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' })
+        res.end(successHtml())
+        settle?.({ code, state })
+      } catch {
+        res.writeHead(500, { 'Content-Type': 'text/plain; charset=utf-8' })
+        res.end('Internal error')
+      }
+    })
+
+    server.on('error', () => {
+      server.close()
+      resolve(null)
+    })
+    server.listen(CALLBACK_PORT, CALLBACK_HOST, () => {
+      resolve({
+        server,
+        cancelWait: () => settle?.(null),
+        waitForCode: () => waitForCodePromise,
+      })
+    })
+  })
+}
+
+export type FetchFn = (input: string, init: RequestInit) => Promise<Response>
+
+async function postForm(url: string, body: Record<string, string>, fetchImpl: FetchFn): Promise<XaiTokenResponse> {
+  const response = await fetchImpl(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded',
+      Accept: 'application/json',
+    },
+    body: new URLSearchParams(body).toString(),
+    signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
+  })
+  const text = await response.text()
+  if (!response.ok) {
+    throw new Error(`xAI OAuth request failed. status=${response.status}; url=${url}; body=${text}`)
+  }
+  try {
+    return JSON.parse(text) as XaiTokenResponse
+  } catch {
+    throw new Error(`xAI OAuth returned invalid JSON. url=${url}; body=${text}`)
+  }
+}
+
+function toCredentials(token: XaiTokenResponse): OAuthCredentials {
+  if (!token.access_token || !token.refresh_token || token.expires_in === undefined) {
+    throw new Error('xAI OAuth response missing access_token, refresh_token, or expires_in')
+  }
+  return {
+    access: token.access_token,
+    refresh: token.refresh_token,
+    expires: Date.now() + token.expires_in * 1000 - EXPIRY_SKEW_MS,
+  }
+}
+
+async function exchangeAuthorizationCode(
+  code: string,
+  verifier: string,
+  fetchImpl: FetchFn,
+): Promise<OAuthCredentials> {
+  const token = await postForm(
+    TOKEN_URL,
+    {
+      grant_type: 'authorization_code',
+      client_id: CLIENT_ID,
+      code,
+      redirect_uri: REDIRECT_URI,
+      code_verifier: verifier,
+    },
+    fetchImpl,
+  )
+  return toCredentials(token)
+}
+
+export async function loginXai(callbacks: OAuthLoginCallbacks, fetchImpl: FetchFn = fetch): Promise<OAuthCredentials> {
+  const { verifier, challenge } = await generatePkce()
+  const server = await startCallbackServer(verifier)
+  let code: string | undefined
+  try {
+    const authParams = new URLSearchParams({
+      client_id: CLIENT_ID,
+      response_type: 'code',
+      redirect_uri: REDIRECT_URI,
+      scope: SCOPES,
+      code_challenge: challenge,
+      code_challenge_method: 'S256',
+      state: verifier,
+      plan: 'generic',
+      referrer: REFERRER,
+    })
+    callbacks.onAuth({
+      url: `${AUTHORIZE_URL}?${authParams.toString()}`,
+      instructions:
+        'Complete login in your browser. If the browser is on another machine, paste the final redirect URL here.',
+    })
+
+    if (server && callbacks.onManualCodeInput) {
+      // Race the local callback server against a manual paste: whichever lands
+      // a code first wins (cross-device/SSH logins can't reach the loopback).
+      let manualInput: string | undefined
+      let manualError: Error | undefined
+      const manualPromise = callbacks
+        .onManualCodeInput()
+        .then((input) => {
+          manualInput = input
+          server.cancelWait()
+        })
+        .catch((err) => {
+          manualError = err instanceof Error ? err : new Error(String(err))
+          server.cancelWait()
+        })
+
+      const result = await server.waitForCode()
+      if (manualError) throw manualError
+      if (result?.code) {
+        code = result.code
+      } else if (manualInput) {
+        code = parseManualCode(manualInput, verifier)
+      }
+      if (!code) {
+        await manualPromise
+        if (manualError) throw manualError
+        if (manualInput) {
+          code = parseManualCode(manualInput, verifier)
+        }
+      }
+    } else if (server) {
+      const result = await server.waitForCode()
+      if (result?.code) code = result.code
+    } else if (callbacks.onManualCodeInput) {
+      // No callback server bound — manual paste is the only path to a code.
+      code = parseManualCode(await callbacks.onManualCodeInput(), verifier)
+    }
+
+    if (!code) {
+      const input = await callbacks.onPrompt({
+        message: 'Paste the authorization code or full redirect URL:',
+        placeholder: REDIRECT_URI,
+      })
+      code = parseManualCode(input, verifier)
+    }
+
+    if (!code) throw new Error('Missing authorization code')
+
+    callbacks.onProgress?.('Exchanging authorization code for tokens...')
+    return await exchangeAuthorizationCode(code, verifier, fetchImpl)
+  } finally {
+    server?.server.close()
+  }
+}
+
+function parseManualCode(input: string, verifier: string): string | undefined {
+  const parsed = parseAuthorizationInput(input)
+  if (parsed.state && parsed.state !== verifier) throw new Error('OAuth state mismatch')
+  return parsed.code
+}
+
+export async function refreshXaiToken(refreshToken: string, fetchImpl: FetchFn = fetch): Promise<OAuthCredentials> {
+  const token = await postForm(
+    TOKEN_URL,
+    {
+      grant_type: 'refresh_token',
+      client_id: CLIENT_ID,
+      refresh_token: refreshToken,
+    },
+    fetchImpl,
+  )
+  // Some OAuth servers omit a rotated refresh token on refresh; keep the prior
+  // one so the credential stays usable across the next cycle.
+  return toCredentials({ ...token, refresh_token: token.refresh_token ?? refreshToken })
+}
+
+export const xaiOAuthProvider: OAuthProviderInterface = {
+  id: XAI_OAUTH_PROVIDER_ID,
+  name: 'xAI (Grok)',
+  usesCallbackServer: true,
+  login: loginXai,
+  refreshToken: (credentials) => refreshXaiToken(credentials.refresh),
+  getApiKey: (credentials) => credentials.access,
+}
+
+let registered = false
+
+// pi-ai ships no built-in xAI OAuth provider, so we register ours. Idempotent
+// and called from `createSecretsStoreForAgent` — the single chokepoint both the
+// init-time login path and the container-runtime auth/refresh path go through —
+// so the provider is always present before `AuthStorage.login()` /
+// `getApiKey()` look it up via `getOAuthProvider('xai')`.
+export function registerXaiOAuthProvider(): void {
+  if (registered) return
+  registerOAuthProvider(xaiOAuthProvider)
+  registered = true
+}

package/src/secrets/storage.ts

@@ -9,6 +9,7 @@ import {
 import lockfile from 'proper-lockfile'
 
 import { providerKeyDefaultEnv } from './defaults'
+import { registerXaiOAuthProvider } from './oauth-xai'
 import { resolveSecret, type Secret } from './resolve'
 import {
   type Channels,
@@ -374,6 +375,7 @@ export class SecretsBackend implements AuthStorageBackend {
 }
 
 export function createSecretsStoreForAgent(secretsPath: string): AuthStorage {
+  registerXaiOAuthProvider()
   return AuthStorageImpl.fromStorage(new SecretsBackend(secretsPath))
 }
 

package/src/skills/typeclaw-markdown-pdf/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: typeclaw-markdown-pdf
-description: "Turn any Markdown into a polished, professional PDF and (optionally) attach it to a channel. Load this whenever you need to deliver a document as a PDF rather than raw markdown — reports, summaries, briefs, meeting notes, docs, anything a human would want to download, print, or forward. Triggers: 'make a PDF', 'export to PDF', 'markdown to PDF', 'PDF report', 'attach the report', 'send me a PDF', 'as a PDF', 'turn this into a document', a researcher/subagent result you want to ship as a file, 'PDF로', 'PDF로 만들어', 'PDF로 변환', 'PDF 첨부'. Also load before saying you cannot produce PDFs — you can: this skill installs a tiny Typst toolchain into workspace/ on first use, then renders. Covers the one-time setup, the styled wrapper, the render command, and how to attach the PDF to Slack/Discord/Telegram/KakaoTalk. For operating on EXISTING PDFs (merge, split, extract text, fill forms), this is not the skill — use pypdf/qpdf instead."
+description: "The ONLY supported way to turn Markdown into a polished, professional PDF (and optionally attach it to a channel). Load this whenever you need to deliver a document as a PDF rather than raw markdown — reports, summaries, briefs, meeting notes, docs, render report, export document, anything a human would want to download, print, or forward, including a researcher's report file shipped as a Slack/Discord attachment. Triggers: 'make a PDF', 'export to PDF', 'markdown to PDF', 'PDF report', 'render report', 'export document', 'the report', 'attach the report', 'send me a PDF', 'as a PDF', 'turn this into a document', a researcher/subagent result you want to ship as a file, 'PDF로', 'PDF로 만들어', 'PDF로 변환', 'PDF 첨부', '리포트', '보고서'. Handles CJK/Korean/Japanese/Chinese: CJK fonts are opt-in, so before rendering it checks whether a CJK font is present and, if not, asks the user to enable `docker.file.cjkFonts` and regenerate rather than shipping a tofu PDF — it never auto-downloads a font. Also load before saying you cannot produce PDFs — you can: this skill installs a tiny Typst toolchain into workspace/ on first use, then renders. NEVER build a PDF with jsPDF, pdfkit, a canvas text dump, or a headless-browser raw-text print — those produce unrendered markdown and broken CJK; this skill is the only correct path. Covers the one-time setup, the styled wrapper, the render command, and how to attach the PDF to Slack/Discord/Telegram/KakaoTalk. For operating on EXISTING PDFs (merge, split, extract text, fill forms), this is not the skill — use pypdf/qpdf instead."
 ---
 
 # typeclaw-markdown-pdf
@@ -22,6 +22,15 @@ You do **not** need to learn Typst markup. `cmarker` renders your CommonMark
 wrapper only sets _styling_ — fonts, margins, headings, page numbers — so the
 output looks deliberate, not like a default-template export.
 
+> **This is the only supported way to make a PDF from Markdown in TypeClaw.**
+> Do **not** reach for `jsPDF`, `pdfkit`, a `<canvas>` text dump, or a
+> headless-browser "print raw text" path. Those skip Markdown rendering (you get
+> literal `##` and `**` in the output) and ship no CJK font, so Korean/Japanese/
+> Chinese come out as mojibake. The Typst path below renders the Markdown properly;
+> for CJK it relies on the opt-in `cjkFonts` font and gates on its presence (see
+> "## Handling CJK content") rather than shipping tofu. If you catch yourself about
+> to `bun add` a PDF library, stop and use this skill instead.
+
 ## When to use this
 
 - A research report, brief, or summary the user wants as a downloadable file.
@@ -141,10 +150,60 @@ Notes:
   wherever the Latin fonts have no glyph, leaving Latin runs untouched. It comes
   from `fonts-noto-cjk`, which Step 3's renderer loads from `/usr/share/fonts` via
   `fontPaths`. **The package is only present when the container's `cjkFonts` toggle
-  resolves to `true`.** Its default is `"auto"`, which installs the fonts only when
-  the host locale is CJK (`ja`/`ko`/`zh`) — so on a non-CJK host, CJK PDFs still
-  render as tofu until you set `docker.file.cjkFonts: true` in `typeclaw.json` and
-  rebuild. If your CJK font lives elsewhere, add its dir to the `fontPaths` list.
+  resolves to `true`** (default `"auto"` installs it only on a CJK host locale), so
+  on a non-CJK host CJK text renders as tofu — see "## Handling CJK content" below
+  for the pre-render check that catches this and asks the user before shipping a
+  broken PDF. If your CJK font lives elsewhere, add its dir to the `fontPaths` list.
+
+## Handling CJK content
+
+CJK fonts are **opt-in** (the `docker.file.cjkFonts` toggle). When they are off,
+Typst still renders — it just substitutes `.notdef` tofu boxes for every
+Korean/Japanese/Chinese glyph, so the render "succeeds" and you can ship a broken
+PDF without noticing. **Do not** download, vendor, or `curl` a font into the
+workspace to work around this, and **do not** silently deliver a tofu PDF. Instead,
+run this gate **before** Step 3 whenever the markdown might contain CJK:
+
+```sh
+# Run from workspace/. MD is the markdown you are about to render.
+MD="report.md"
+
+# Hangul, Kana, CJK ideographs + the common extensions. grep -P on Debian; perl
+# slurp as the fallback (BusyBox/macOS grep lack -P).
+CJK_RE='[\x{1100}-\x{11FF}\x{3130}-\x{318F}\x{AC00}-\x{D7A3}\x{3040}-\x{30FF}\x{31F0}-\x{31FF}\x{3400}-\x{4DBF}\x{4E00}-\x{9FFF}\x{F900}-\x{FAFF}\x{20000}-\x{2A6DF}\x{2A700}-\x{2B73F}\x{2B740}-\x{2B81F}\x{2B820}-\x{2CEAF}\x{2CEB0}-\x{2EBEF}\x{30000}-\x{3134F}]'
+if command -v grep >/dev/null && echo | grep -qP '' 2>/dev/null; then
+  LC_ALL=C.UTF-8 grep -qP "$CJK_RE" -- "$MD" && HAS_CJK=1 || HAS_CJK=0
+else
+  perl -CSDA -0777 -ne "exit(/$CJK_RE/ ? 0 : 1)" "$MD" && HAS_CJK=1 || HAS_CJK=0
+fi
+
+# A CJK font Typst can load. dpkg is the authoritative signal for the opt-in
+# fonts-noto-cjk package; the file scan covers a preinstalled or mounted font.
+# fontconfig/fc-list is NOT consulted — Typst reads fontPaths directly, not fc.
+has_cjk_font() {
+  dpkg-query -W -f='${Status}' fonts-noto-cjk 2>/dev/null | grep -q 'install ok installed' && return 0
+  find /usr/share/fonts /usr/local/share/fonts -type f \( -iname '*.otf' -o -iname '*.ttf' -o -iname '*.ttc' \) 2>/dev/null |
+    grep -Eiq '(Noto(Sans|Serif)CJK|Noto (Sans|Serif) CJK|SourceHan|Source Han|WenQuanYi|Nanum|Unifont|DroidSansFallback|AR PL)'
+}
+
+if [ "$HAS_CJK" = 1 ] && ! has_cjk_font; then
+  echo "CJK_FONT_MISSING"
+fi
+```
+
+If the gate prints `CJK_FONT_MISSING`, **stop — do not render or attach a PDF.**
+Tell the user, honestly, that this is a restart-required boot setting, e.g.:
+
+> This report has Korean/Japanese/Chinese text, but the container has no CJK font
+> — they're opt-in, so the PDF would come out as tofu boxes. Want me to set
+> `docker.file.cjkFonts: true` in `typeclaw.json`? It's a boot setting, so after I
+> edit it you'll need to run `typeclaw restart` from the host project directory,
+> and then I'll regenerate the PDF.
+
+Only after the user agrees: edit `typeclaw.json` to set `docker.file.cjkFonts:
+true` (use the `typeclaw-config` skill), ask them to `typeclaw restart`, and
+regenerate the PDF **after** the restarted container reports `has_cjk_font` true.
+If the markdown has no CJK, or a CJK font is present, skip straight to Step 3.
 
 ## Step 3 — render
 

package/typeclaw.schema.json

@@ -41,7 +41,16 @@
               "zai-coding/glm-4.7",
               "zai-coding/glm-5",
               "zai-coding/glm-5-turbo",
-              "zai-coding/glm-5.1"
+              "zai-coding/glm-5.1",
+              "xai/grok-4.3",
+              "xai/grok-4.20-0309-reasoning",
+              "xai/grok-4.20-0309-non-reasoning",
+              "xai/grok-build-0.1",
+              "minimax/MiniMax-M3",
+              "minimax/MiniMax-M2.7",
+              "minimax/MiniMax-M2.5",
+              "minimax/MiniMax-M2.1",
+              "minimax/MiniMax-M2"
             ]
           },
           {
@@ -69,7 +78,16 @@
                 "zai-coding/glm-4.7",
                 "zai-coding/glm-5",
                 "zai-coding/glm-5-turbo",
-                "zai-coding/glm-5.1"
+                "zai-coding/glm-5.1",
+                "xai/grok-4.3",
+                "xai/grok-4.20-0309-reasoning",
+                "xai/grok-4.20-0309-non-reasoning",
+                "xai/grok-build-0.1",
+                "minimax/MiniMax-M3",
+                "minimax/MiniMax-M2.7",
+                "minimax/MiniMax-M2.5",
+                "minimax/MiniMax-M2.1",
+                "minimax/MiniMax-M2"
               ]
             }
           }